I see the system default protection policy "MirrorAndVault" is daily 7 and weekly 52. Does it mean the system will keep 7 daily snapshots and 52 weekly snapshots? For these long term snapshot, I am always wondering if data changes often and big, snapshot space usage will run out of control. we were used to have 7TB snapshotd for a 5TB CIFS share on EMC in 30 days.
Can someone share your experience how can we manage snapshot space usage for long term snapvaults? thanks.
Once you found the "offender", You need to understand what they do and why.
In my environment I usually keep the snap-reserve configuration to be very low and use AIUM (OCUM) to monitor breaches as an indicator for ransomware and intentional/accidental deletion. That's also how I found a case where a developer compress existing files again and again (to hourly, then daily, then weekly and monthly zip archives). Ideally this kind of activity need to be moved to a low retention volume, and once the files been fully processed - moved to long retention volume.
Auditing/fpolicy can possibly also be used to track what is writing to a volume or deleting stuff. Auditing works on CIFS, but fpolicy works on NFS. Make sure if you go down the fpolicy route to enable first-read/write on both CIFS/NFS.